Location security, app bundling helping St John of God manage mobility

With the 2015 completion of its $430m Midland Public and Private Hospitals on the horizon, Perth-based St John of God Health Care is repackaging hundreds of corporate applications and adding location-based intelligence to its device management to maintain consistent security controls over information no matter where its mobile users are located.

With revenues of more than $1 billion annually and over 10,500 staff spread across 230 sites, device management has long been crucial at St John of God, which has long used the Novell ZENworks management platform to manage its 3500 PCs and the applications installed on them. Of these, around 200 satellite sites have no local server infrastructure – and are supported from larger facilities.

“Mobility is really important,” network systems manager Aaron Le Saux told attendees at Novell’s recent Brainshare Technology Forum in Melbourne. “People working in remote offices and pathology collection centres still need the same access that a caregiver would have in one of the hospital’s laboratories.”

To deliver this level of equity, Le Saux’s team has been working to package nearly 300 ‘global’ applications and nearly 1000 others that are only used within operating divisions – ranging from modern tools to aging 16-bit apps “that we should probably have gotten rid of a long time ago” – for delivery to a range of devices that is rapidly expanding to include smartphones and tablets as well as traditional desktops and laptops.

A key part of that shift is ensuring that broader mobile usage doesn’t compromise the integrity of the group’s data – and this requirement is being met by the location-aware access rights enforcement built into the latest version of ZENworks.

This capability has integrated the detection of a remote device’s location – and its associated risk profile – into the core of the network management platform rather than leaving it at the edge device. This makes a device’s location a fundamental part of its network identity – and, said Novell ZENworks product manager Chris Gacesa, network-security administrators can enforce controls over the data itself.

For example, location-based policies might prevent a remote device from copying information to a USB drive, or from allowing information to be written to a device that’s connected to a public WiFi network. Contractors can be given time-limited access to certain applications, with location capabilities allowing them to be locked out of those applications once they’ve physically left the corporate network.

“With that important information about the device’s location, I can allow certain things to occur,” Gacesa said. “There are all sorts of criteria that can define how an application gets distributed down to the machine, how it gets installed and how it gets run. Since we can enforce security levels via a policy, we can ensure that when machines and users move about, the content, data and applications will still be presented in a secure manner.”

This level of protection – backed by full audit, patch management, encryption, time-limited access and other capabilities – has become a core part of the upgrade process for St John of God, where the application-packaging exercise is part of a broader shift, from a thin-client remote-access model to one in which applications are dynamically delivered to any device according to users’ access rights and current situation.

Le Saux expects the massive effort will take six months as the team “systematically works through the bundles” and develops standards for management of those bundles, but notes that the “biggest holdup” is delays around streamlining bundle testing and sign-off by divisional heads.

“A lot of work goes into creating standards in the environment,” he says. “We want them to be able to move between facilities and still be managed as if they’re on the LAN. Repackaging our applications allows us to do that, but creating those standards is the only way you ever get any efficiency out of information systems.”

“Obviously, the instability of an IS system shouldn’t hold up the care of a patient, so we need to jump through a lot of hoops to make sure our environment is signed off and ready before we move a department onto it.”

Follow @CSO_Australia and sign up to the CSO Australia newsletter.

Join the CSO newsletter!

Error: Please check your email address.

Tags appmobilitymobile security

More about CSOLANNovellTechnology

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by David Braue

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place